Apologize for the small font size, didn't realize it would be a problem until I watched it on my phone lol 😂
Popped up on my fyp and I don’t regret it 😌
Idk why they even bothered putting the second stage as a downloaded file, surely that just makes it more suspicious since people can see connections to a .ru domain and anyone who would check the base64 in the first place would know it's malware after seeing the further obfuscation.
Surely it's just so they can modify the code for new victims?
It might be to confuse Windows Defender, with the multiple stages it was probably meant to throw Windows Defender off, that's just my guess though
Nice work brother❤
Thanks
It's impossible to read the text in visual studio code, please bigger font size
Yeah I apologize
Can you put a link for people who want to report it?
Hey, now on GitHub there's so much of the same coded malware like shown in your video with the same server. I made a video on a similar thing
Yeah it's a major problem, it's a bot posting the same code under different repository names
@flyralt yeah